# Registers User as an actor type for this policy. The block is empty, so no
# actor-level roles, permissions or relations are declared here.
actor User {}

# Role-based access model for Repository objects.
resource Repository {
  # The complete set of actions and roles this block declares for a
  # Repository.
  permissions = ["read", "write", "delete"];
  roles = ["reader", "writer", "admin"];

  # Permission grants: inside this block each permission is granted by
  # exactly one role.
  "read" if "reader";
  "write" if "writer";
  "delete" if "admin";

  # Role implication: holding the role on the right also confers the role on
  # the left. The chain is admin -> writer -> reader, so an admin ends up with
  # all three permissions and a writer with "read" and "write".
  # Review point: any permission later granted to "reader" is inherited by
  # every writer and admin through this chain.
  "reader" if "writer";
  "writer" if "admin";
}

# Role lookup: succeeds when some entry in actor.roles carries the requested
# role name and refers to the given repository. The membership test comes
# first so the entry is bound before its fields are compared.
# NOTE(review): the repository is matched by repository.name, so the entry's
# repository field is presumably a name string rather than a Repository
# object; confirm that names are unique and cannot be reused after a rename
# or delete, otherwise a stale entry could match a different repository that
# has the same name.
has_role(actor: User, role_name: String, repository: Repository) if
  entry in actor.roles and
  role_name = entry.name and
  repository.name = entry.repository;

# Public repositories are readable by every User, with no role required.
# Only "read" is granted this way; the other rules visible in this file grant
# "write" and "delete" through roles only.
# NOTE(review): is_public is read directly from the application's Repository
# object, so whoever can change that field controls read access; confirm that
# the field is itself protected by an authorization check.
has_permission(_user: User, "read", repository: Repository) if
  repository.is_public;

# Top-level authorization entry point. A request is allowed only when a
# has_permission rule succeeds for the same actor, action and resource; no
# other allow rule is visible in this file, so anything else is denied.
allow(subject, verb, target) if
  has_permission(subject, verb, target);
